From d9fdc8d3da9301594d749b8cd4ba6081318dd740 Mon Sep 17 00:00:00 2001
From: pallo <pallo@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Wed, 3 Jan 2001 14:12:43 +0000
Subject: [PATCH] Fixed bug #126497 + problem with error handling in
 src/addressbook.php.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@908 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/addressbook.php | 8 +++++++-
 src/addressbook.php       | 6 +++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/functions/addressbook.php b/functions/addressbook.php
index 595507cc..8e20224c 100644
--- a/functions/addressbook.php
+++ b/functions/addressbook.php
@@ -335,13 +335,19 @@
 	    $this->error = _("E-mail address is missing");
 	    return false;
 	 }
+
+	 if(eregi("[\: \|\#\"\!]", $userdata["nickname"])) {
+	    $this->error = _("Nickname contain illegal characters");
+	    return false;
+	 }
+
 	 if(empty($userdata["nickname"])) {
 	    $userdata["nickname"] = $userdata["email"];
 	 }
 
 	 // Check that specified backend is writable
 	 if(!$this->backends[$bnum]->writeable) {
-	    $this->error = sprintf(_("Addressbook %s is read-only", $bnum));
+	    $this->error = _("Addressbook is read-only");;
 	    return false;
 	 }
 
diff --git a/src/addressbook.php b/src/addressbook.php
index 5e80b335..c1d584b7 100644
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -202,7 +202,7 @@
 	       printf("<INPUT TYPE=hidden NAME=backend VALUE=\"%s\">\n",
 		      htmlspecialchars($olddata["backend"]));
 	       print "<INPUT TYPE=hidden NAME=doedit VALUE=1>\n";
-	       print "</FORM>";	       
+	       print "</FORM>";
 	    }
 	 }
 
@@ -230,9 +230,9 @@
 	       print "</TABLE>\n";
 	       address_form("editaddr", _("Update address"), $newdata);
 	       printf("<INPUT TYPE=hidden NAME=oldnick VALUE=\"%s\">\n",
-		      htmlspecialchars($newdata["nickname"]));
+		      htmlspecialchars($oldnick));
 	       printf("<INPUT TYPE=hidden NAME=backend VALUE=\"%s\">\n",
-		      htmlspecialchars($newdata["backend"]));
+		      htmlspecialchars($backend));
 	       print "<INPUT TYPE=hidden NAME=doedit VALUE=1>\n";
 	       print "</FORM>";	       
 
-- 
2.25.1